12218974

Securing Web Browsing on a Managed User Device

Published: February 4, 2025
Assignee: not available in USPTO data we have
Technical Abstract

Patent Claims
17 claims

Legal claims defining the scope of protection, as filed with the USPTO.

1. A method for accessing secure content from an unmanaged web browser on a managed user device, comprising: sending, from the unmanaged browser to a server, a request for secure content, wherein the server is part of a unified endpoint management (UEM) system to which the managed user device is enrolled, and wherein a managed browser extension is installed on the unmanaged browser, the managed browser extension being managed by the UEM system; prompting a user for authentication credentials in an instance where the request is redirected to an identity manager; when the credentials are authenticated, receiving, by the managed browser extension installed on the unmanaged browser, a first session token and a temporary token from the server or the identity manager; sending the first session token and the temporary token from the managed browser extension to a managed application on the managed user device; validating, by the managed application at the managed user device, that the first session token was received from a trusted source; sending the first session token, temporary token, and a second session token to the server, the second session token having been obtained by the managed application upon enrollment of the managed device with the UEM system; and receiving authorization to access the secure content.

2. The method of claim 1, wherein receiving the first session token and the temporary token includes decrypting, by the managed browser extension, the first session token and the temporary token.

3. The method of claim 1, wherein the method further comprises, prior to sending the first session token, the temporary token, and the second session token to the server: prompting the user to enter a passcode; receiving the passcode from user input; and verifying that the passcode matches a passcode previously provided by the user.

4. The method of claim 1, wherein the temporary token expires after a predetermined amount of time.

5. The method of claim 1, wherein the method further comprises, prior to receiving authorization to access the secure content: verifying that the managed user device is compliant with a set of policies; and sending, to the server, a notification that the managed user device is compliant, wherein receiving authorization to access the secure content is dependent on the managed user device being compliant.

6. A non-transitory, computer-readable medium containing instructions that, when executed by a hardware-based processor, causes the processor to perform stages for accessing secure content from an unmanaged web browser on a managed user device, the stages comprising: sending, from the unmanaged browser to a server, a request for secure content, wherein the server is part of a unified endpoint management (UEM) system to which the managed user device is enrolled, and wherein a managed browser extension is installed on the unmanaged browser, the managed browser extension being managed by the UEM system; prompting a user for authentication credentials in an instance where the request is redirected to an identity manager; when the credentials are authenticated, receiving, by the managed browser extension installed on the unmanaged browser, a first session token and a temporary token from the server or the identity manager; sending the first session token and the temporary token from the managed browser extension to a managed application on the managed user device; validating, by the managed application at the managed user device, that the first session token was received from a trusted source; sending the first session token, temporary token, and a second session token to the server, the second session token having been obtained by the managed application upon enrollment of the managed device with the UEM system; and receiving authorization to access the secure content.

7. The non-transitory, computer-readable medium of claim 6, wherein receiving the first session token and the temporary token includes decrypting, by the managed browser extension, the first session token and the temporary token.

8. The non-transitory, computer-readable medium of claim 6, wherein the stages further comprise, prior to sending the first session token, the temporary token, and the second session token to the server: prompting the user to enter a passcode; receiving the passcode from user input; and verifying that the passcode matches a passcode previously provided by the user.

9. The non-transitory, computer-readable medium of claim 6, wherein the temporary token expires after a predetermined amount of time.

10. The non-transitory, computer-readable medium of claim 6, wherein the stages further comprise, prior to receiving authorization to access the secure content: verifying that the managed user device is compliant with a set of policies; and sending, to the server, a notification that the managed user device is compliant, wherein receiving authorization to access the secure content is dependent on the managed user device being compliant.

11. A system for accessing secure content from an unmanaged web browser on a managed user device, comprising: a memory storage including a non-transitory, computer-readable medium comprising instructions; and a hardware-based processor that executes the instructions to carry out stages comprising: sending, from the unmanaged browser to a server, a request for secure content, wherein the server is part of a unified endpoint management (UEM) system to which the managed user device is enrolled, and wherein a managed browser extension is installed on the unmanaged browser, the managed browser extension being managed by the UEM system; prompting a user for authentication credentials in an instance where the request is redirected to an identity manager; when the credentials are authenticated, receiving, by the managed browser extension installed on the unmanaged browser, a first session token and a temporary token from the server or the identity manager; sending the first session token and the temporary token from the managed browser extension to a managed application on the managed user device; validating, by the managed application at the managed user device, that the first session token was received from a trusted source; sending the first session token, temporary token, and a second session token to the server, the second session token having been obtained by the managed application upon enrollment of the managed device with the UEM system; and receiving authorization to access the secure content.

12. The system of claim 11, wherein receiving the first session token and the temporary token includes decrypting, by the managed browser extension, the first session token and the temporary token.

13. The system of claim 11, wherein the stages further comprise, prior to sending the first session token, the temporary token, and the second session token to the server: prompting the user to enter a passcode; receiving the passcode from user input; and verifying that the passcode matches a passcode previously provided by the user.

14. The system of claim 11, wherein the temporary token expires after a predetermined amount of time.

15. The method of claim 1, wherein the managed browser extension is downloaded from the UEM management system by the managed application and installed in the unmanaged web browser on the managed user device in response to instructions received by the managed application from the UEM system.

16. The non-transitory, computer-readable medium of claim 6, wherein the managed browser extension is downloaded from the UEM management system by the managed application and installed in the unmanaged web browser on the managed user device in response to instructions received by the managed application from the UEM system.

17. The system of claim 11, wherein the managed browser extension is downloaded from the UEM management system by the managed application and installed in the unmanaged web browser on the managed user device in response to instructions received by the managed application from the UEM system.
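
The following is an added illustration, not part of the patent text or of any vendor's implementation, of the three-token check described in claims 1, 4 and 5: the managed application accepts tokens only from the expected extension, appends its enrollment token, and the server authorizes only when all three tokens verify, the temporary token is unexpired, and the device is compliant. The HMAC token format, the demo key, the extension-ID comparison used for the "trusted source" validation, the requirement that the first and temporary tokens name the same user, and every identifier are assumptions.

```python
import hashlib
import hmac

# Constructed demo values; a real deployment would keep the key server-side only.
SERVER_KEY = b"constructed-demo-key"
TRUSTED_EXTENSION_ID = "constructed-extension-id"

def mint(kind, subject, expires_at):
    """Issue a token 'kind|subject|expiry|mac' (assumed format, not from the patent)."""
    body = f"{kind}|{subject}|{expires_at}"
    mac = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}|{mac}"

def verify(token, kind, now):
    """Return the subject if the MAC is valid, the kind matches and the token is unexpired."""
    parts = token.split("|")
    if len(parts) != 4:
        return None
    k, subject, exp, mac = parts
    expected = hmac.new(SERVER_KEY, f"{k}|{subject}|{exp}".encode(),
                        hashlib.sha256).hexdigest()
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    if k != kind or not exp.isdigit() or int(exp) <= now:
        return None
    return subject

def app_forward(sender_id, first, temp, enrollment_token):
    """Managed app: relay tokens only when they come from the UEM-deployed extension
    (assumed trust check), adding the second token obtained at enrollment."""
    if sender_id != TRUSTED_EXTENSION_ID:
        return None
    return {"first": first, "temp": temp, "second": enrollment_token}

def server_authorize(bundle, compliant, now):
    """Server: require all three tokens and device compliance before granting access."""
    if bundle is None or not compliant:
        return None
    user = verify(bundle["first"], "session", now)
    temp_user = verify(bundle["temp"], "temp", now)
    device = verify(bundle["second"], "enroll", now)
    # Assumption: the temporary token must belong to the same login as the session token.
    if user is None or device is None or temp_user != user:
        return None
    return (user, device)
```

Passing `now` explicitly keeps the expiry behaviour of the temporary token deterministic when exercising the check.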

Patent Metadata

Filing Date: Unknown

Publication Date: February 4, 2025

Inventors: Rohit Pradeep Shetty, Ramanandan Nambannor Kunnath, Kar-Fai Tse

Citation & reuse

Cite as: Patentable. “SECURING WEB BROWSING ON A MANAGED USER DEVICE” (12218974). https://patentable.app/patents/12218974
